Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/nk4SahgFWk80fIeSvnfsgSbKV9k.roa
File:                     nk4SahgFWk80fIeSvnfsgSbKV9k.roa (raw, json)
Hash identifier:          R/djDX/lfARqCaBhtyd4aE0ytKRR2G8QNSo5soMrv0s=
Subject key identifier:   9E:4E:12:6A:18:05:5A:4F:34:7C:87:92:BE:77:EC:81:26:CA:57:D9
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0187FF715322756E13AF7148767332289149
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/nk4SahgFWk80fIeSvnfsgSbKV9k.roa
Signing time:             Tue 09 May 2023 07:37:09 +0000
ROA not before:           Tue 09 May 2023 07:37:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        188.212.132.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          188.240.230.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          185.241.209.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          188.213.203.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ff:71:53:22:75:6e:13:af:71:48:76:73:32:28:91:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: May  9 07:37:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9e4e126a18055a4f347c8792be77ec8126ca57d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ce:3b:b8:59:ca:3d:b4:b8:2a:4a:cf:8f:da:
                    2c:7d:66:52:17:5f:3a:2c:12:32:85:c4:15:86:a4:
                    a9:0c:e3:9d:c4:3b:61:08:6b:fb:51:fc:c6:b8:fd:
                    87:e5:0a:4d:cd:54:82:ab:94:17:08:03:d1:0d:0b:
                    4c:da:98:fa:94:2f:80:0b:7e:76:36:97:de:64:52:
                    7e:0e:39:a5:17:8b:30:45:be:40:2c:b2:8d:b2:a9:
                    4e:d1:26:e5:3f:75:f9:5e:ea:6e:8d:f5:c9:5b:74:
                    c7:11:10:5e:2b:7b:96:48:c6:2e:c9:90:6d:d3:99:
                    70:86:00:6b:70:df:8f:cc:7c:e2:e8:94:dd:03:51:
                    e5:9c:d0:95:63:2b:69:ed:c6:0a:bc:50:87:f8:2d:
                    3d:2c:04:df:29:e6:72:7f:99:f1:e9:cc:d2:72:91:
                    f1:43:60:a0:8d:3c:d6:68:fc:bf:3f:08:f5:70:06:
                    c0:3c:ce:c5:fb:3c:a9:05:6d:92:af:46:a6:36:34:
                    d1:6b:e3:7d:a7:9a:ad:44:32:0b:b5:7b:a0:be:f2:
                    31:42:6d:9e:3f:f4:1a:30:8c:d1:45:98:2d:fd:48:
                    07:9c:49:b8:b7:b5:6b:f8:1e:7f:91:20:83:1e:b1:
                    13:d7:61:a3:fd:9a:ac:99:3a:c4:a9:2c:64:9e:aa:
                    65:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:4E:12:6A:18:05:5A:4F:34:7C:87:92:BE:77:EC:81:26:CA:57:D9
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/nk4SahgFWk80fIeSvnfsgSbKV9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.148.0/24
                  89.37.63.0/24
                  91.188.204.0/24
                  93.115.254.0/23
                  185.103.72.0/24
                  185.238.10.0/24
                  185.241.209.0-185.241.211.255
                  185.255.169.0-185.255.170.255
                  188.212.132.0/23
                  188.213.203.0/24
                  188.240.230.0/24
                  188.240.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:62:e7:38:a1:56:0f:2e:0a:95:6f:0e:1c:70:09:f6:7c:58:
         b7:8e:55:b7:5b:e9:6e:3e:46:70:6e:d4:c4:17:9f:1b:99:ce:
         c5:08:67:2b:ca:bc:cd:26:e6:b6:50:57:58:5f:3b:1b:9c:07:
         cf:c7:b2:f9:05:f4:9d:ac:f8:5f:62:aa:93:45:a6:71:4f:26:
         33:d9:9b:17:70:03:d4:25:6e:bc:8d:b6:4c:36:c6:42:3d:85:
         66:ae:7e:21:3f:55:04:06:49:4c:76:aa:1a:63:73:2b:7e:03:
         8d:a6:70:0b:05:c2:dd:ad:b4:26:ac:27:3b:26:f9:44:c5:19:
         1c:b3:ef:46:dd:3d:17:55:41:da:9f:39:20:b1:d3:9b:53:23:
         06:dd:d7:f1:b2:18:e9:b6:68:a4:6b:d4:c4:43:b0:e2:f7:5c:
         eb:d3:6d:ee:bc:2d:86:7c:b5:23:ff:c7:3c:ac:ba:5f:91:c1:
         bf:3c:29:6b:08:70:69:21:6a:31:78:39:4c:ea:dc:8b:2b:ae:
         25:67:c6:97:50:84:75:a0:7f:dc:ab:98:e3:57:71:6d:0f:c7:
         bf:51:96:90:ea:06:5f:39:04:fa:54:73:c1:18:a8:ee:8d:d6:
         f6:5c:47:e8:d8:9e:97:f9:76:57:7c:49:b2:58:3e:22:18:6e:
         23:1e:b4:9c
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYf/cVMidW4Tr3FIdnMyKJFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTA5MDczNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTRlMTI2YTE4MDU1YTRmMzQ3Yzg3OTJiZTc3ZWM4MTI2Y2E1N2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi847uFnKPbS4KkrPj9osfWZSF186
LBIyhcQVhqSpDOOdxDthCGv7UfzGuP2H5QpNzVSCq5QXCAPRDQtM2pj6lC+AC352
NpfeZFJ+DjmlF4swRb5ALLKNsqlO0SblP3X5XupujfXJW3THERBeK3uWSMYuyZBt
05lwhgBrcN+PzHzi6JTdA1HlnNCVYytp7cYKvFCH+C09LATfKeZyf5nx6czScpHx
Q2CgjTzWaPy/Pwj1cAbAPM7F+zypBW2Sr0amNjTRa+N9p5qtRDILtXugvvIxQm2e
P/QaMIzRRZgt/UgHnEm4t7Vr+B5/kSCDHrET12Gj/ZqsmTrEqSxknqplJwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFJ5OEmoYBVpPNHyHkr537IEmylfZMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbms0U2FoZ0ZXazgwZkllU3ZuZnNnU2JLVjlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQAV/eUAwQA
WSU/AwQAW7zMAwQBXXP+AwQAuWdIAwQAue4KMAwDBAC58dEDBAK58dAwDAMEALn/
qQMEALn/qgMEAbzUhAMEALzVywMEALzw5gMEALzw6DANBgkqhkiG9w0BAQsFAAOC
AQEAA2LnOKFWDy4KlW8OHHAJ9nxYt45Vt1vpbj5GcG7UxBefG5nOxQhnK8q8zSbm
tlBXWF87G5wHz8ey+QX0naz4X2Kqk0WmcU8mM9mbF3AD1CVuvI22TDbGQj2FZq5+
IT9VBAZJTHaqGmNzK34DjaZwCwXC3a20JqwnOyb5RMUZHLPvRt09F1VB2p85ILHT
m1MjBt3X8bIY6bZopGvUxEOw4vdc69Nt7rwthny1I//HPKy6X5HBvzwpawhwaSFq
MXg5TOrciyuuJWfGl1CEdaB/3KuY41dxbQ/Hv1GWkOoGXzkE+lRzwRio7o3W9lxH
6Niel/l2V3xJslg+IhhuIx60nA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org